Fosdem 18: Securing embedded Systems using Virtualization

Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space, providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome them. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.

The topic will cover content such as:
* Why virtualisation in embedded
* Hypervisor architectures on ARM and a quick roundup of examples
* Relevant security technologies
* Specific requirements for embedded systems
* Example usage of FOSS based hypervisors in embedded
* Challenges such as safety certification and how this may be approached

3.
EL0/PL0 least privileged mode used for applications (user mode)
EL1/PL1 privileged mode used for running kernels such as the Linux kernel
EL2/PL2 This has a higher level of privilege and can be used to run a hypervisor which takes control
of the system and can host multiple "guest" operating systems

6.
github.com/siemens/jailhouse
Lightweight (sub 10k LoC) partitioning hypervisor by Siemens
Linux used for bootstrap and control of partitions
Focus is on partitioning and not on virtualization
No scheduler, no IO emulator, etc.
Appears to have good basic feature set, with key areas WIP:
cache region, config tools, ARM64 support fairly new
Also see:
– AGL Talk May2017: goo.gl/6HHY5a

7.
xenproject.org
General purpose hypervisor used in a wide range of supported use-cases
and products in different markets (including embedded,
military/aviation, medical, automotive)
Linux or NetBSD used for bootstrap, control plane and drivers
Expansive feature set, that is highly customizable and flexible
Strong and diverse open source community

10.
Existing
net, block, console
keyboard, mouse, USB
framebuffer, GPU sharing*
New in Xen 4.9, more in 4.11
9pfs (share a filesystem between VMs)
Pvcalls (forward POSIX calls across VMs)
multitouch, sound, display, DRM
Developing New Ones
Easy to write (GPL and BSD samples)
Kernel and User Space
*) A number of different approaches by different vendors in different market
segments are being deployed, which are PV-like, but not strictly a PV
protocol

12.
Meltdown
Cannot be exploited from a fully virtualized VM (i.e. ARM, HVM or PVH)
➜ Fully virtualized VMs offer significant protection against Meltdown
Spectre
On current information: substantially harder to exploit under Xen than
under monolithic kernels because there are significantly fewer options for
the attacker to interact with the hypervisor
– Attacker needs a suitable "gadget" running inside of the Hypervisor
GPZ use the eBPF engine to execute a gadget written by them, designed to
'leak' the maximum amount of information
– Initial analysis: Xen has nothing similar to eBPF

31.
Extremely Flexible and Versatile
Proven in many different markets
Easy to port to new environments
Easy to develop new PV drivers
Highly customizable
Security and Resilience
Isolation, Partitioning, Security Features
Functional Safety
Examples of Safety Certification
Looking at ways to make this easier and cheaper
Engaging with other groups looking at this (e.g. AGL, …)
Challenges still being addressed
Standardization of more I/O devices via PV protocols
Standardization of GPU and co-processor sharing
RTOS or other minimal OS as Dom0
Testing of embedded Hardware by the project
Picture by Lars Kurth